Trust Center

Start your security review
View & download sensitive information
Search items
ControlK

Overview

SafeBase helps B2B SaaS companies close enterprise deals faster by streamlining the security assessment process. We take security seriously and have a dedicated internal security team. Our security team's controls and policies are detailed in this Trust Center. If you have any additional questions or concerns, please email us at security@safebase.io

Compliance

SOC 2 Logo
SOC 2
CSA STAR Logo
CSA STAR
GDPR Logo
GDPR
CCPA Logo
CCPA

SafeBase is Trusted By

OpenAI-company-logoOpenAI
LinkedIn-company-logoLinkedIn
Abnormal Security-company-logoAbnormal Security
Asana-company-logoAsana
Wiz-company-logoWiz
HubSpot-company-logoHubSpot
Instacart-company-logoInstacart
ClickUp-company-logoClickUp
Plaid-company-logoPlaid
Ramp-company-logoRamp
Crossbeam-company-logoCrossbeam
GitLab-company-logoGitLab
T-Mobile-company-logoT-Mobile
Jamf-company-logoJamf
Palantir-company-logoPalantir

Documents

Featured Documents

COMPLIANCESOC 2
REPORTSPentest Report
SELF-ASSESSMENTSVSAQ
REPORTSNetwork/Data Flow Diagram
SELF-ASSESSMENTSCAIQ

Risk Profile

Data Access LevelInternal
Impact LevelModerate
Recovery Time Objective24 hours
View more

Product Security

Audit Logging
Integrations
Multi-Factor Authentication
View more

Reports

Network/Data Flow Diagram
Pentest Report

Self-Assessments

CAIQ
CAIQ Lite
MVSP
View more

Infrastructure

Status Monitoring
Business Continuity & Disaster Recovery
Cloud Service Provider
View more

Data Security

Access Monitoring
Data Backups
Data Erasure
View more

App Security

Responsible Disclosure
Credential Management
Secure Development Training
View more

AI

AI Security
AI Training Data and Bias
AI Usage Training

Legal

SubprocessorsAlgolia-company-logoAmazon Web Services (AWS)-company-logoAuth0-company-logoBasedash-company-logoCensus-company-logo
Cyber/Liability Insurance
Data Processing Agreement
View more

Data Privacy

Cookies
Data Breach Notifications
Data Into System
View more

Access Control

Data Access
Logging
Password Security

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

DNSSEC
Firewall
IDS
View more

Corporate Security

Employee Training
HR Security
Incident Response
View more

Policies

Acceptable Use Policy
Access Control Policy
Asset Management Policy
View more

Security Grades

ImmuniWeb
app.safebase.io
A
Qualys SSL Labs
Main API Endpoint
A+
Landing Page
A
Security Headers
app.safebase.io
A
Trust Center Updates

SafeBase not affected by the Next.js authorization bypass vulnerability

Vulnerabilities
Copy link

SafeBase does not use Next.js middleware and is therefore not affected by CVE-2025-29927.

As a precautionary measure, we have deployed mitigations at the WAF level in accordance with GitHub's advisory notice.

Published at N/A

Subprocessor Updates - Drata Acquisition

Subprocessors
Copy link

On February 11th, Drata announced the acquisition of SafeBase. As part of the acquisition, SafeBase will be expanding our current subprocessors to include the following Drata subprocessors.

Prior to engaging any third party subprocessor, we perform diligence to evaluate subprocessor privacy, security, and confidentiality practices, and execute agreements implementing vendor’s applicable obligations.

Cloudflare

  • Purpose: Content delivery network & WAF
  • Location: United States

Amazon Web Services

  • Purpose: Hosting & Infrastructure
  • Location: United States, European Economic Area & Australia

Census

  • Purpose: Reverse ETL
  • Location: United States

Chameleon

  • Purpose: Digital Adoption Platforms
  • Location: United States

Decodable

  • Purpose: ETL Solution for Product Data
  • Location: United States, Germany & Australia

dbt Labs

  • Purpose: Data Transformation and Modeling
  • Location: United States

Liveblocks

  • Purpose: End user collaboration.
  • Location: United States

ProductBoard

  • Purpose: Product feedback and prioritization
  • Location: United States

Sigma Computing

  • Purpose: Data Analytics & Visualization
  • Location: United States

Snowflake

  • Purpose: Data Warehouse
  • Location: United States

SurveySparrow

  • Purpose: Net Promoter Score
  • Location: United States

Catalyst

  • Purpose: Customer Success Management Platform
  • Location: United States

Wiz

  • Purpose: Cloud Security: Data Security Posture Management (DPSM)
  • Location: United States

WorkOS

  • Purpose: SSO Integration Connector
  • Location: United States

Front

  • Purpose: Unified Customer Messaging
  • Location: United States

A complete list of subprocessors can be found on the Drata Trust Center and SafeBase Trust Center.

Published at N/A

SafeBase not affected by Zapier security incident

Vulnerabilities
Copy link

SafeBase is not affected by the Zapier security incident. More information on the incident can be found at: https://www.theverge.com/news/622026/zapier-data-breach-code-repositories

Published at N/A

New SOC 2 Type 2 Report Available for Download

Compliance
Copy link

We have completed our latest SOC 2 Type 2 audit! The new report is available in our Trust Center.

Published at N/A

SafeBase not affected by the XZ Utils backdoor vulnerability

Vulnerabilities
Copy link

SafeBase is not affected by the XZ Utils backdoor vulnerability.

Our security team has reviewed all OS versions deployed in our environment and confirmed that none of the impacted operating systems or versions are utilized.

For more details on this vulnerability, please visit https://nvd.nist.gov/vuln/detail/CVE-2024-3094 and https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils.

Published at N/A

If you need help using this Trust Center, please contact us.

Contact Support

If you think you may have discovered a vulnerability, please send us a note.

Report Issue
Built onSafeBase by Drata Logo